package com.cy.jt.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
/*security 配置类*/
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
     /*定义密码加密匹配器对象*/
     @Bean
     public BCryptPasswordEncoder passwordEncoder(){
         return new BCryptPasswordEncoder();
     }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
       // super.configure(http);
        //关闭跨域攻击
        http.csrf().disable();
        //设置认证登录页面
        http.formLogin()
            .loginPage("/login.html")
            .loginProcessingUrl("/login")
            .defaultSuccessUrl("/index.html");
        //设置认证规则(哪些资源必须登录后才能访问,哪些资源可以直接访问)
        http.authorizeRequests()
                .antMatchers("/login.html").permitAll()
                .anyRequest().authenticated();
    }
}
